Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/OxQUm2cc932_SbZHxUC7er0Sf-I.roa
File:                     OxQUm2cc932_SbZHxUC7er0Sf-I.roa (raw, json)
Hash identifier:          j3K3BKXe7Af0d19rliHQJv9FsfvecTZMNvSiBZonE64=
Subject key identifier:   3B:14:14:9B:67:1C:F7:7D:BF:49:B6:47:C5:40:BB:7A:BD:12:7F:E2
Certificate issuer:       /CN=6821c8ff0437f7edd829166fde03446f86109d80
Certificate serial:       01941FFA179231B30E495AC404885FFC826E
Authority key identifier: 68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/OxQUm2cc932_SbZHxUC7er0Sf-I.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212761
IP address blocks:        91.227.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:17:92:31:b3:0e:49:5a:c4:04:88:5f:fc:82:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6821c8ff0437f7edd829166fde03446f86109d80
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b14149b671cf77dbf49b647c540bb7abd127fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:db:78:d8:41:6e:09:74:a5:4b:e9:6f:b3:71:
                    41:5e:53:f2:46:65:24:00:cf:57:b0:f9:e6:4f:7f:
                    3c:ea:bf:06:a9:6a:ed:90:3e:b9:ac:ab:e1:d5:a1:
                    40:c4:8f:6e:6c:df:b0:8e:b7:f5:3a:4a:2d:cf:1e:
                    4b:44:dd:b0:85:29:a3:f4:c2:b3:a1:93:e5:88:70:
                    56:c3:52:f4:da:9d:38:92:fc:56:99:be:28:0c:5b:
                    77:41:33:ae:13:51:9b:43:34:15:e0:5a:4d:0b:34:
                    8d:dc:bb:91:c2:ab:37:56:b6:42:b8:13:10:c4:a5:
                    7b:ed:09:9a:84:07:0d:ae:8e:e6:8b:65:c4:11:35:
                    65:62:4e:35:0b:02:6a:01:40:b3:41:95:52:27:e9:
                    43:f3:63:4e:52:cf:ac:ce:f1:4c:06:25:76:66:18:
                    d7:ca:e0:a1:24:dc:c1:22:9d:9b:57:73:b9:f0:aa:
                    e3:4e:c9:a8:cd:5f:24:70:5b:9f:37:38:c0:f3:ae:
                    51:82:1f:4a:dc:90:c8:4b:6d:a5:4c:f1:33:03:6d:
                    92:f5:30:f3:50:57:90:bc:84:c8:10:0a:44:ca:6c:
                    f6:5e:a3:7b:3a:7e:1e:31:fa:48:fe:72:d4:3e:7b:
                    03:96:f5:57:bf:eb:fa:4d:83:ae:1e:40:5c:bc:5e:
                    a1:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:14:14:9B:67:1C:F7:7D:BF:49:B6:47:C5:40:BB:7A:BD:12:7F:E2
            X509v3 Authority Key Identifier:
                keyid:68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/OxQUm2cc932_SbZHxUC7er0Sf-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:2c:3c:f6:28:27:ba:91:e3:e2:1c:80:cd:a0:28:57:e9:7c:
         5a:cb:7e:88:67:35:ae:6e:fe:f1:bd:dc:db:dc:df:9d:bb:0d:
         e9:88:a2:30:70:7c:c2:64:2c:2e:29:23:85:c3:67:b2:1c:ee:
         68:ce:dc:52:bd:e6:c6:ec:31:1e:b9:14:19:e9:11:27:2f:b8:
         64:df:c0:27:10:31:cd:d0:64:d1:b6:cc:73:de:3c:11:23:7a:
         6f:67:74:e8:76:71:61:c0:9e:53:6b:e5:36:e0:e0:8a:97:fd:
         6c:80:de:43:de:3b:44:08:b9:3a:05:01:cf:9c:4b:55:92:c0:
         fd:fe:f0:4e:a0:8a:ee:b1:18:2c:26:97:63:f8:4c:3e:1f:a1:
         87:38:5a:f6:de:4a:18:ca:04:e3:d4:66:d8:8d:1c:54:6a:6f:
         ee:c9:0f:62:02:15:a8:85:4c:3f:d2:bd:8d:ef:a2:dd:e3:7a:
         45:0b:ae:0f:a2:27:6b:8d:ce:ac:71:e0:f5:05:77:ec:22:90:
         b6:05:d5:ba:48:d5:a7:c9:92:b8:3a:0c:27:06:56:72:cc:54:
         11:32:ec:d1:c3:c7:e9:4a:bb:d0:4c:8b:53:83:26:f3:fb:f0:
         de:aa:1d:4b:be:ab:11:e9:74:73:7b:fb:b4:62:73:14:49:45:
         b9:fc:4f:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+heSMbMOSVrEBIhf/IJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MjFjOGZmMDQzN2Y3ZWRkODI5MTY2ZmRlMDM0NDZmODYx
MDlkODAwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE0MTQ5YjY3MWNmNzdkYmY0OWI2NDdjNTQwYmI3YWJkMTI3ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNt42EFuCXSlS+lvs3FBXlPyRmUk
AM9XsPnmT3886r8GqWrtkD65rKvh1aFAxI9ubN+wjrf1Okotzx5LRN2whSmj9MKz
oZPliHBWw1L02p04kvxWmb4oDFt3QTOuE1GbQzQV4FpNCzSN3LuRwqs3VrZCuBMQ
xKV77QmahAcNro7mi2XEETVlYk41CwJqAUCzQZVSJ+lD82NOUs+szvFMBiV2ZhjX
yuChJNzBIp2bV3O58KrjTsmozV8kcFufNzjA865Rgh9K3JDIS22lTPEzA22S9TDz
UFeQvITIEApEymz2XqN7On4eMfpI/nLUPnsDlvVXv+v6TYOuHkBcvF6hyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsUFJtnHPd9v0m2R8VAu3q9En/iMB8GA1UdIwQY
MBaAFGghyP8EN/ft2CkWb94DRG+GEJ2AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMt
MjVhZTkyOTNmNmI0LzEvT3hRVW0yY2M5MzJfU2JaSHhVQzdlcjBTZi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMtMjVhZTkyOTNmNmI0
LzEvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MqMA0G
CSqGSIb3DQEBCwUAA4IBAQCALDz2KCe6kePiHIDNoChX6Xxay36IZzWubv7xvdzb
3N+duw3piKIwcHzCZCwuKSOFw2eyHO5oztxSvebG7DEeuRQZ6REnL7hk38AnEDHN
0GTRtsxz3jwRI3pvZ3TodnFhwJ5Ta+U24OCKl/1sgN5D3jtECLk6BQHPnEtVksD9
/vBOoIrusRgsJpdj+Ew+H6GHOFr23koYygTj1GbYjRxUam/uyQ9iAhWohUw/0r2N
76Ld43pFC64Poidrjc6sceD1BXfsIpC2BdW6SNWnyZK4OgwnBlZyzFQRMuzRw8fp
SrvQTItTgybz+/Deqh1LvqsR6XRze/u0YnMUSUW5/E/D
-----END CERTIFICATE-----